Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{45F5A85B-F571-403B-92A0-3CF114E8917C}] 'Exec' = 'http://click.clickstory.co.kr/?vanilla=QTFLTGZxOTEvSjBiOGRWVk93UFhNZFkwVVhhMzk3RWxEMUkwSktyOG9GNWlUTmRX&turl=http%3A%2F%2Fwww.auction.co.kr'
- %TEMP%\7zS1.tmp\program\baconeclick.exe
- %TEMP%\7zS1.tmp\sideplus.exe /S
- <SYSTEM32>\searchclickinst.exe /S
- <SYSTEM32>\cmd.exe /c %TEMP%\7zS1.tmp\unst.bat
- <SYSTEM32>\regsvr32.exe "%PROGRAM_FILES%\searchclicksrv\searchclickb.dll" /S
- <SYSTEM32>\cmd.exe /c <Текущая директория>\unst.bat
- %WINDIR%\gmclick.ico
- %WINDIR%\auclick.ico
- %PROGRAM_FILES%\searchclicksrv\searchclickdel.exe
- %TEMP%\7zS1.tmp\unst.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\execute[1].php
- %WINDIR%\bgclick.ico
- %PROGRAM_FILES%\searchclicksrv\searchclickb.dll
- %TEMP%\7zS1.tmp\program\baconeclick.exe
- <Текущая директория>\unst.bat
- <SYSTEM32>\searchclickinst.exe
- %TEMP%\7zS1.tmp\program\searchclickb.dll
- %TEMP%\7zS1.tmp\sideplus.exe
- %TEMP%\7zS1.tmp\program\searchclickdel.exe
- %TEMP%\7zS1.tmp\sideplus.exe
- %TEMP%\7zS1.tmp\program\baconeclick.exe
- '22#.#22.197.13':80
- 'localhost':1036
- 22#.#22.197.13/~smartup/execute.php?m_################################################################################################################
- ClassName: 'Shell_TrayWnd' WindowName: ''